[
https://issues.apache.org/jira/browse/HBASE-22728?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16895654#comment-16895654
]
Andrew Purtell commented on HBASE-22728:
----------------------------------------
I looked at the attached output of {{mvn dependency:tree}} and is this what we
want? Still pulling in jackson at compile scope for hbase-client and others.
Maybe set the scope to 'provided' so it is pulled into our build for compile
but is not recorded as a transitive dependency for projects that import our
artifacts?
The removal of jackson classes from the shaded jars looks right.
bq. script engine for language js can not be found
Ignore the XML parse errors, this is an environmental issue that will
(eventually) be addressed:
bq. Above QA failure message for shadedjar is: Found Banned Dependency:
jdk.tools:jdk.tools:jar:1.8 (which also comes without the patch applied on
branch-1). Hope it is not a concern.
I'm not sure what that is about. [~busbey]?
For releasing, we require the RM to build branch-1 based releases with JDK 7,
so it isn't a problem for releases.
> Upgrade jackson dependencies in branch-1
> ----------------------------------------
>
> Key: HBASE-22728
> URL: https://issues.apache.org/jira/browse/HBASE-22728
> Project: HBase
> Issue Type: Sub-task
> Affects Versions: 1.4.10, 1.3.5
> Reporter: Andrew Purtell
> Assignee: Viraj Jasani
> Priority: Major
> Fix For: 1.5.0, 1.3.6, 1.4.11
>
> Attachments: HBASE-22728.branch-1.01.patch,
> HBASE-22728.branch-1.02.patch, dependency_codehaus.out
>
>
> Avoid Jackson versions and dependencies with known CVEs
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
